Blog Actions

PuTTY releases are rare enough to be somewhat of a surprise when they happen (the last was nearly a year ago). Most noteworthy, this is the first PuTTY version to support elliptic curve cryptography (previously only available in development snapshots).

Security fix: an integer overflow bug in the agent forwarding code. See vuln-agent-fwd-overflow.

Security fix: the Windows PuTTY binaries should no longer be vulnerable to hijacking by specially named DLLs in the same directory (on versions of Windows where they previously were). See vuln-indirect-dll-hijack.

Windows PuTTY no longer sets a restrictive process ACL by default, because this turned out to inconvenience too many legitimate applications such as NVDA and TortoiseGit. You can still manually request a restricted ACL using the command-line option -restrict-acl.

The Windows PuTTY tools now come in a 64-bit version.

The Windows PuTTY tools now have Windows's ASLR and DEP security features turned on.

Support for elliptic-curve cryptography (the NIST curves and 25519), for host keys, user authentication keys, and key exchange.

Run-time option (from the system menu / Ctrl-right-click menu) to retrieve other host keys from the same server (which cross-certifies them using the session key established using an already-known key) and add them to the known host-keys database.